This is a remote position and can be located anywhere in Canada.


The Smile CDR platform enables people and organizations to manage healthcare data better. It’s built around a standard made by HL7 called FHIR, which acts as a new universal language for healthcare data. Different information technology systems can communicate by speaking the same data language. Consider a career with us today.

Smile CDR is a strong brand with established trust and reputation in global healthcare technology markets. This newly created role will help enable interoperability of the organization’s health systems using a standards-based product that leverages the most proven FHIR implementation in the world.


The Privacy and Security department is responsible for ensuring compliance with the relevant legislation and client obligations in all Smile CDR products and services. As part of the expected growth in the company, the P&S department requires an Information Security Analyst to provide key governance, risk management and audit services to support the multiple healthcare clients and internal operations.


  • Primary Information Security resources for provincial initiatives and Canadian clients.
  • Manage the Privacy and Security Corrective Action Log.
  • Engage Smile CDR Product and Development teams to improve security features and capabilities of software releases continually.
  • Collaborate with the Client Services department to review privacy and security requirements.
  • Coordinate resolution for vulnerabilities identified in Smile CDR products.
  • Conduct Privacy Impact and Threat Risk Assessments as required, including maintaining the Risk Register for the organization.
  • Coordinate security testing activities with clients, external consultants and internal departments.
  • Audit Smile CDR operations activity, including security operations, administrative access and vendors.
  • Maintain Privacy and Security policies, standards and procedures as necessary.
  • Assist in implementing and maintaining the organizational compliance requirements related to contractual obligations, including but not limited to HITRUST, ISO 27001 and SOC-2 Type II attestations.
  • Complete tasks as assigned by the Chief Privacy and Security Officer.


  • Completed Post-Secondary diploma in Business, Engineering, IT, Healthcare or related field, or equivalent experience.
  • Extensive experience with Canadian Privacy legislation such as PIPEDA and the various provincial/territorial Health Information Acts.
  • At least one of the following certifications: CISSP, CEH, CRISC, CISA, or CISM.
  • Outstanding communication skills, both verbal and written.
  • 5+ years working with a large Canadian-based healthcare organization, ideally in Information Security or Risk Management.
  • Proven experience operating in an organization using the ISO 27001:2013 and NIST 800-53 security standards.
  • Familiarity with international privacy legislation such as GDPR and HIPAA.
  • Can demonstrate logical thinking and handle complex situations under pressure.
  • Experienced in creating documentation.
  • Familiarity with cloud platforms such as Azure and AWS.
  • Ability to manage multiple tasks concurrently with little supervision.
  • Able to communicate effectively and adjust to different audiences depending on business focus area (technical, privacy, legal, etc.).
  • Solid understanding of technical controls enforcing privacy and security requirements.
  • Ability to create policies, standards and procedures using the ISO 27001 standard or NIST framework.
  • Experience with CIPP/CA, Azure or AWS certifications and familiarity with ITIL are assets.

Smile CDR’s core values are respecting, embracing our differences, and celebrating our shared values. Our people are the foundation of our success, and we remain dedicated to building diverse and inclusive teams. We welcome and encourage candidates of all backgrounds to apply. Please let us know if you require accommodations or have questions during the application or interview process.